Tuesday, August 16, 2011


physician...

So, I was sitting here musing about illnesses and injuries and remembering my cousin, now departed at the age of only 38, who was a doctor and how everyone used to call her for medical advice. She always told them 'go to your own doctor' which sounded harsh but I can understand that she couldn't make on-the-spot diagnoses and that it must have been quite stressful to have everyone asking for free consultations all the time.
And I thought how no-one ever asks me to help them fix their computers (with the exception of one friend who did ask, and how happy I was to be able to analyse her Trojan and advise her on its actions (info stealing) and how best to protect herself in the future), when The Ragazza rang in a state of stress because her computer was infected.
Talk about coincidences!
From our discussion it is evident that she had a Zbot running. She knew its location and its name but she couldn't stop it or delete it. Her free version of AVG had failed to recognise and quarantine it and she was helpless.
This is a rather disappointing failure on the part of AVG, because the software should have recognised the behaviour of the Zbot: creating a new folder, dropping a different version of itself to a new location, attempting an internet connection to download its owner's requirements (as in which banks to target and where to send the harvested bank credentials), and adding a registry entry to make it start automatically all equal Bad Guy Behaviour. And if that sounds harsh, then you should know that each week millions of new variants of malware are set free to roam the internet, and that the only real form of defence against them lies in run-time behavioural analysis.
So, I talked her through System Restore, as in taking her computer back to a previous image created by the Windows operating system the day before her birthday, which would remove the registry setting that is enabling this malware to run on start-up and also, I hope, would delete it.
This took a while because her laptop uses Vista, Lily uses Windows 7 and my VAIO PC uses XP, all of which have different ways to find the restore utility.
I also talked her through the command prompt, as in getting into DOS commands underneath Windows to manipulate files and folders, so that we could find the malware and, hopefully, rename it from a .exe to a .ex file so that it cannot run.
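As an added example, not part of the original post: a PowerShell script that does the same hunt from the registry side. It lists every entry in the HKCU and HKLM Run/RunOnce keys that Zbot-style malware uses to start at boot, flags the entries whose program lives in a user-writable folder such as AppData or Temp (where a dropper running without admin rights has to put itself), and provides a function that renames the chosen file from .exe to .ex and removes the Run value. PowerShell 2.0 or later is assumed (built into Windows 7, an optional download on Vista and XP); the value name in the commented call at the end is a placeholder, not a real sample, and an elevated prompt is needed to change anything under HKLM.

```powershell
# Added example, not code from the original post: list the autostart
# registry entries that Zbot-style malware uses to survive a reboot, flag
# the ones that launch a program from a user-writable folder, and offer a
# function that neutralises a chosen entry by renaming the .exe to .ex and
# deleting the Run value. Assumes PowerShell 2.0 or later.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders a non-admin process can write to. A program that auto-starts from
# one of these is not necessarily malware, but it is where a dropper that
# runs without admin rights has to put itself.
$userWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:USERPROFILE) |
    Where-Object { $_ }

# Metadata properties PowerShell adds to every Get-ItemProperty result.
$psMeta = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-ExePathFromCommand {
    # Run values look like  "C:\dir\app.exe" /arg  or  C:\dir\app.exe /arg.
    # Quoted paths are taken whole; unquoted paths are cut at the first space,
    # which is wrong for unquoted paths containing spaces (rare in Run values).
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

function Get-AutostartFindings {
    $findings = @()
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            if ($psMeta -contains $prop.Name) { continue }
            $exe = [Environment]::ExpandEnvironmentVariables(
                       (Get-ExePathFromCommand ([string]$prop.Value)))
            $fromUserDir = $false
            foreach ($root in $userWritableRoots) {
                if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $fromUserDir = $true
                }
            }
            $findings += New-Object PSObject -Property @{
                Key          = $key
                Name         = $prop.Name
                Exe          = $exe
                Exists       = (Test-Path -LiteralPath $exe)
                UserWritable = $fromUserDir
            }
        }
    }
    return $findings
}

function Disable-AutostartEntry {
    # Rename the target .exe to .ex so the Run entry points at nothing that
    # Windows will execute, then delete the Run value itself. Renaming rather
    # than deleting keeps the sample for the AV vendor. HKLM needs an
    # elevated prompt.
    param([string]$Key, [string]$Name)
    $command = (Get-ItemProperty -Path $Key -Name $Name).$Name
    $exe = [Environment]::ExpandEnvironmentVariables((Get-ExePathFromCommand $command))
    if (Test-Path -LiteralPath $exe) {
        $newName = [IO.Path]::GetFileNameWithoutExtension($exe) + '.ex'
        Rename-Item -LiteralPath $exe -NewName $newName
    }
    Remove-ItemProperty -Path $Key -Name $Name
}

# Show every autostart entry; UserWritable = True is where to look first.
Get-AutostartFindings | Sort-Object UserWritable -Descending |
    Format-Table Key, Name, Exe, Exists, UserWritable -AutoSize

# Once a finding is confirmed as the malware, disable it. The value name
# below is a placeholder, not a real sample:
# Disable-AutostartEntry -Key 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'abcd'
```

Run it first without calling Disable-AutostartEntry: the flagged list is a hint, not a verdict, since legitimate updaters also start from AppData, so check each flagged path before touching it. Renaming rather than deleting keeps the sample available to send to the AV vendor, which fits the suggestion to inform AVG that they missed it, and a Zbot that is already running will simply be stopped at the next reboot once its Run value and executable are gone.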
And then I asked her to go to another AV website to download a free virus scan in which I have greater confidence.
We also discussed how, after accessing her online bank account, she should always delete her browsing history, cookies, etc.
And that she must change from running as an admin to a restricted user account.
And that, to be safe, she should now call her bank and ask them to change her online login details, and explain why (her mom said to).
And to make a note of all we did, because I may not be here next time.
And to inform AVG that they had let a Zbot slip through the net.
How did she get a Zbot infection?
No, she did not open a dodgy email, she did not fall for a Facebook scam, she did not visit a dodgy website. All she did was go to a 'normal' website which has, it seems, been infected.
I forget the stats on how many websites are infected with malware but the number is alarmingly high and even the top sites such as CNN and the BBC are victims at some time.
So, not so much physician heal thyself as techie rescue thy firstborn.
